Legal Data Security and Cloud Security in the Legal Profession Is Now Indispensable
Nearly 60 percent of 2019 TECHREPORT legal technology respondents surveyed by the American Bar Association acknowledged that they use the cloud for work. This is a sharp rise from the 38% who replied in the affirmative for the 2016 version of the survey. Simultaneously, cloud security concerns have risen among legal practitioners. Lawyers deal with highly sensitive and confidential documents, which makes them attractive targets for hackers and cybercriminals.
When it comes to the cloud, assuming and hoping you’re secure is not the same as knowing with certainty. The IT resource managing your security does not necessarily have the requisite knowledge and skills to combat constantly-evolving cyber threats. Taking the initiative to ask the tough questions and apply the appropriate resources is essential in safeguarding your firm. Moving to the cloud is a good business decision. However, as noted by Joe Panettieri of MSSP, ransomware attacks continue to impact legal software platforms. As such, it can also be a scary one.
In order to keep your clients’ data safe while still enjoying the benefits of cloud computing, there are certain protections that you would be wise to implement. Having a budget for your business is important, but server security is not the area where you want to cut corners.
Latest Data and Cloud Security Developments in the Legal Industry
On a panel at October’s Mass Torts Made Perfect conference, Eric Sanchez, the founder of GrowPath, spoke about recent cybersecurity breaches in the legal industry. It’s everyone’s worst nightmare to lose their data, which is why your cloud storage must be a safe haven that is also configured well and vigilantly monitored. According to Sanchez, it’s essential to train staff in best practices in order to prevent a breach. Because staff will never be perfect no matter how much training they’re provided, additional protections must be implemented.
For legal case management providers that rely on platforms such as Salesforce, protection is not as comprehensive as clients would prefer to believe. Someone will inevitably click on something wrong; what then? Only GrowPath has a unique patented method for two-factor authentication to ensure you’re not relying solely on staff discretion.
Sanchez also made the point that there are spheres of protection that need to be utilized beyond traditional software, updates, and firewalls. For example, a physical security key such as a U2F (a dongle with embedded code that is plugged into company computers to facilitate safe logins) can be useful. However, cybersecurity needs to be a top-down effort and not just left to the IT staff. Employees will mimic and adopt the security approach of managing partners and other executives. If it’s an afterthought for you, it’s an afterthought for them. In this regard, it’s a matter of psychology instead of technology. The person in the chair may even be specially targeted by hackers as a direct link to the firm’s servers and critical data and applications.
As far as backups, the best approach is to have multiple backups that are secure, encrypted, tested, and a combination of both online and offline. Data can also be downloaded and exported as a physical backup to an on-prem server. Tempting as it might be from a cost and control perspective, you don’t want to turn to an on-premises or hosted server as your primary solution. Consider who is monitoring the system: a spartan IT staff simply can’t keep up with the speed of black hat hackers. After all, it takes a whole team to keep your system safe but just one bad actor to sabotage your system.
It’s important to remember that IT staff don’t have CLE requirements that keep them on pace with near-daily innovations. The benefits of cloud-based platforms, in contrast, include Artificial Intelligence (AI) and machine learning to stay on the front lines and far outperform the protections of an in-house server. Still, you must from time to time audit any online cloud solution to ensure they too are keeping up with promises made and best industry practices.
Finally, keep in mind that an off-premises server is not necessarily the same thing as a cloud server. You’ll want to verify what your provider is actually offering: If the server with your data is maintained by a third party off-premises but still hosted outside the cloud, it’s not much different or safer than if you maintain the server yourself on-premises. As we’ve seen, having an outside company host your server outside the cloud can still be a risky proposition; instead of investing in costly hardware for on-premises or hosted off-premises solutions, you still manage and maintain a remote data center no different than an in-house one. Meanwhile, a cloud environment that companies are turning to from providers like Amazon Web Services, Google Cloud, and Microsoft Azure offers flexible cloud infrastructure and provides an added umbrella of protection — all while maintaining modernized computing, networking, and storage resources.
Ransomware’s Impact on the Legal Industry
Ransomware is a form of malware where a perpetrator hacks into your system, holds your data hostage, and demands payment in the form of electronic currency such as bitcoin. This can lead to severe interruptions and on-going data privacy concerns. Unfortunately, antivirus software by itself is not enough to protect you from a devastating ransomware attack. Are you employing specialized and cutting-edge protection against ransomware on top of and in addition to your general antivirus software?
According to Laura Calloway, Director of Service Programs for the Alabama State Bar, a ransomware infection is often precipitated by a successful spear phishing attempt. Spear phishing improves on broader phishing attempts by “seeking out information about the target in order to make the email message seem more likely to really be from someone he or she knows, increasing the chances that the recipient will hurriedly and unthinkingly click the link or open the attachment.” Once that happens, ransomware can infiltrate and encrypt all of the data on the hard drive. To make matters worse, “most ransomware programs are now capable of encrypting not just the computer they are installed on but also data on networked drives, including backup drives.”
Ransomware is more than an inconvenience; it could shut down your entire business indefinitely. Ask yourself: Do you have documented procedures for your staff to follow in the event of a ransomware crisis? Do you have a means of communicating effectively with staff if email functionality has been compromised?
Consider how you will notify clients and partners of the situation (and if you will do so even if not legally required in your jurisdiction). If you choose to pay the ransom, do you know where and how you can acquire the necessary cryptocurrency? Do you have insurance for costs and liabilities arising from a cyber attack?
Preventing an Attack
If your organization is hit by ransomware, visit https://www.nomoreransom.org/ and see if there is a known solution for your ransomware variant. Of course, an ounce of prevention is worth a pound of cure. In order to provide you with the best methods for trying to head off a ransomware attack or other cybersecurity event, GrowPath has teamed with Jon Sternstein, Founder and Principal of Stern Security. Stern Security is a premier cybersecurity company headquartered in Raleigh, NC. Ask your IT team how many of these you’re currently utilizing:
Top 10 Solutions and Techniques for Preventing a Cyber Attack
- Have a Data Security Strategy – Implement a data security strategy based on a known framework such as NIST or CIS.
- Use Endpoint Protection – Ensure your organization data security is using an up-to-date endpoint protection product such as anti-virus, anti-malware, or application whitelisting.
- Maintain Your Patching – Apply all security patches to all systems as patches are released to fortify cloud security.
- Back-Up Your Data – Ensure that your organization has offline backups of all essential information. Remember! The backups must be tested regularly to ensure they work properly.
- Remove Unnecessary Software – By removing unused software, your organization is limiting the attack surface of the devices.
- Employ Email Filtering – Ransomware can be delivered via malicious email attachments, links, or phishing emails. Make certain that your email system blocks suspicious emails and malicious attachments.
- Enact Network Share Access Controls – Limit access on network shares to the minimum needed for each employee to perform their job duties. If everyone has access to everything, one infected machine can quickly compromise an entire network and all files on the network shares.
- Utilize Web Filtering – Block access to undesirable websites. Blocked websites can be filtered by URL or by elements within the URL.
- Proactively Train Your Employees – Educate employees on the threat of ransomware so they can protect their systems and notify fellow staff members in case of suspicious activity.
- Conduct Security Testing – Have penetration testing and risk analyses performed on your cloud and on-premise environments to find vulnerabilities…before they are exploited.
Jon Sternstein assisted as co-author of this blog post and is the author of the Cisco Press course titled “Security Penetration Testing (The Art of Hacking) LiveLessons.” As a Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker, Jon has been a featured expert on ABC News, WRAL News, and Business North Carolina Magazine.
Ted Seward is GrowPath’s Vice President of Marketing, joining its executive leadership team in 2019. Ted is responsible for all marketing and initiatives at GrowPath including growth through the development and execution of the marketing/sales strategy, brand awareness, lead generation, and business development.